Vulnerability Disclosure Policy

Introduction

As a Website Monitoring provider, we believe in taking our own users’ Digital Experience seriously. Our own security, and therefore the security of your data in our system, is one of our main concerns and highest priorities. We will thoroughly investigate all security vulnerabilities reported to us in accordance with the guidelines outlined here.

Programme Scope

Our platform is made up of multiple subsystems and this programme’s scope includes our platform, public web assets, and third party services. We will only consider vulnerabilities where the attack can exploit our customers directly. Please do not submit reports derived from automatic scanning tools, such as SSL Labs or Nessus; we scan our systems regularly, and will already be aware of (and be in the process of fixing) these issues.

In-Scope Assets

  • www.rapidspike.com
  • my.rapidspike.com
  • api.rapidspike.com

Out-of-Scope Assets

  • status.rapidspike.com
  • results.rapidspike.com
  • journey.rapidspike.com

Out-of-Scope Vulnerabilities

  • Attacks that only affect individual user accounts (such as self-XSS)
  • The presence of application or web browser ‘autocomplete’ messages
  • Logout Cross-Site Request Forgeries
  • Banner disclosure on public services
  • Issues only exploitable through clickjacking
  • Issues only exploitable through compromised third party accounts
  • Issues only exploitable through user error / bad practice
  • Issues identified via DDoS-style (Distributed Denial of Service) attack methods
  • Descriptive error messages

Reporting to RapidSpike

The researcher should email security@rapidspike.com with the vulnerability found. We will only accept vulnerabilities reported to us that include all of the following:


Please Include

  1. Scope context – see above; only in-scope assets will be considered for investigation.
  2. A detailed description of the vulnerability including its effects.
  3. Steps to reproduce including any configuration details, proof-of-concepts or exploit code.
  4. Explanation as to how the vulnerability affects the data integrity/security of our platform.

Additional Information

  • Potential fix implementations or ideas
  • Links to further reading such as:
    • blogs
    • tutorials
    • CVSS scoring

What Happens Next?

1. Contact

We will respond within 2 business days and then provide updates every 20 days at most.

2. Review Process

The team will review all vulnerabilities reported in accordance with the guidelines set out above. We will take steps to reproduce them and will work with the researcher until such a time that the vulnerability can be completely validated.

3. Disclosures

Public disclosures will be made on our blog. If the researcher wishes to publish their findings on their own platforms then we would like this to be done simultaneously with our own disclosure.

4. Review Completion

Once the review is complete and the vulnerability has been confirmed, the results will be sent to the researcher along with information about its resolution and any subsequent public disclosure.

Rewards

Rewards are issued at our sole discretion – we do not guarantee that the researcher’s report will result in a reward being issued.

Wall of Fame

Researchers with verified vulnerabilities will have the option to be honoured in a wall of fame with their name and a link of their choosing.

Merchandise

If we decide that a reward should be offered then it will be in the form of branded merchandise (e.g. stickers, T-shirts, etc.).

Monetary Rewards

Monetary rewards will only be offered if the vulnerability is of the highest significance, which will be decided solely by us (RapidSpike).

© 2025 RapidSpike. All rights reserved.
